[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: infinite loop bug in libidn (pr29_4)

From: Simon Josefsson
Subject: Re: infinite loop bug in libidn (pr29_4)
Date: Tue, 10 Jan 2012 21:20:56 +0100
User-agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.92 (gnu/linux)

Simon Josefsson <address@hidden> writes:

> Simon Josefsson <address@hidden> writes:
>> Jon Nelson <address@hidden> writes:
>>> On or around line 1260 of lib/pr29.c, in the pr29_4 function.
>>>   for (i = 0; i < len; i++)
>>>     if ((row = first_column (in[i])) > 0)
>>>       for (j = i + 1; j < len; j++)
>>>     if (combinationclass (in[j]))
>>>       for (k = j + 1; k < len; j++)
>>>         if (in_last_column_row (in[k], row))
>>>           return PR29_PROBLEM;
>>> The infinite loop occurs when the character is present in
>>> combinationclass but the following character is *not* in
>>> in_last_column_row.
>>> I believe the "k" loop should be incrementing *k* not *j*.
>> Thanks for the report, Jon.  Do you have any example input strings that
>> trigger this?  I'm sure I can work it out, but if you have them it would
>> speed things up.
> I was able to reproduce the bug using the string U+1100 U+0300 U+4711.
> I agree with your fix, although there may be more problems with that
> code.  I'm working on it.

Should be fixed now, for the soon to be released 1.24.  It turned out
there was no substance to my fears about other problems here, at least
as far as I could tell.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]